r2996 - trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches

Fri, 22 Apr 2005 07:02:42 +0000

Author: horms
Date: 2005-04-22 07:02:41 +0000 (Fri, 22 Apr 2005)
New Revision: 2996

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff
Log:
 [CAN-2004-0790] Just silently ignore ICMP Source Quench message
s.  (See: #305655)

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff
===================================================================

--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff	2005-04-22 06:54:30 UTC (rev 2995)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff	2005-04-22 07:02:41 UTC (rev 2996)
@@ -0,0 +1,51 @@
+# origin: davem (BitKeeper)
+# cset: 1.1448.37.7 (2.4) key=414625edeBHgUwGcld08PACSp9LfiA
+# URL: http://linux.bkbits.net:8080/linux-2.4/cset@414625edeBHgUwGcld08PACSp9LfiA
+# inclusion: upstream
+# descrition: [TCP]: Just silently ignore ICMP Source Quench messages.
+# revision date: Fri, 22 Apr 2005 15:42:08 +1000
+#
+# S rset: ChangeSet|1.1448.37.6..1.1448.37.7
+# I rset: net/ipv4/tcp_ipv4.c|1.25..1.26
+#
+# Key:
+# S: Skipped  ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated  Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted  Manually deleted by subsequent user edit
+# R: Revised  Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/09/13 15:57:49-07:00 davem@nuts.davemloft.net 
+#   [TCP]: Just silently ignore ICMP Source Quench messages.
+#   
+#   Recommended by draft-gont-tcpm-icmp-attacks-01.txt
+#   
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+# net/ipv4/tcp_ipv4.c
+#   2004/09/13 15:57:37-07:00 davem@nuts.davemloft.net +1 -5
+#   [TCP]: Just silently ignore ICMP Source Quench messages.
+# 
+#
+===== net/ipv4/tcp_ipv4.c 1.25 vs 1.26 =====
+--- 1.25/net/ipv4/tcp_ipv4.c	2004-03-29 15:55:12 +10:00
++++ 1.26/net/ipv4/tcp_ipv4.c	2004-09-14 08:57:37 +10:00
+@@ -1025,11 +1025,7 @@ void tcp_v4_err(struct sk_buff *skb, u32
+ 
+ 	switch (type) {
+ 	case ICMP_SOURCE_QUENCH:
+-		/* This is deprecated, but if someone generated it,
+-		 * we have no reasons to ignore it.
+-		 */
+-		if (sk->lock.users == 0)
+-			tcp_enter_cwr(tp);
++		/* Just silently ignore these. */
+ 		goto out;
+ 	case ICMP_PARAMETERPROB:
+ 		err = EPROTO;



